Compliance documentation

Data Processing Agreements

Standard DPA terms are incorporated into our Terms of Service and accepted on signup. The documents below are available for enterprise customers who require a separately executed DPA for their records.

UK GDPR

Data Processing Agreement

For UK-based controllers processing under the UK General Data Protection Regulation and Data Protection Act 2018. Includes IDTA provisions for international transfers.

15 sections · Schedule 1 · Schedule 2 (TOMs) · A4

Download PDF

EU GDPR

Data Processing Agreement

For EEA-based controllers processing under Regulation (EU) 2016/679. Incorporates Standard Contractual Clauses (Module Two) for EU-US transfers.

15 sections · Schedule 1 · Schedule 2 · SCC Annex · A4

Download PDF

US CCPA / CPRA

Data Processing Addendum

For US businesses processing under California Consumer Privacy Act, CPRA, and applicable state privacy laws (VCDPA, CPA, CTDPA, UCPA).

16 sections · HIPAA reference · US Letter

Download PDF

Key terms

Common across all agreements

AI training prohibition

SafeRedact and all sub-processors (including Anthropic) are prohibited from using customer data to train, fine-tune, or improve AI models.

Sub-processors

Anthropic (AI classification, SOC 2 Type II, zero retention), Vercel (hosting, SOC 2 Type II), Supabase (auth & metadata, SOC 2 Type II).

Breach notification

Written notification within 72 hours of confirmed personal data breach. Includes nature of breach, categories of data, and remediation steps.

Need a project-scoped DPA for a single engagement, or have questions about specific terms? Contact support@saferedact.app.

Ready to get started?

Tell us about your compliance requirements and we'll scope the right engagement.

Contact Sales Security Architecture →